The post AI in the Driver’s Seat: How the ‘Bissa’ Scanner Hijacked 900+ Firms in Weeks appeared first on Daily CyberSecurity.

The post UAT-10608 Uses a Next.js “React2Shell” Flaw to Map Your Entire Cloud appeared first on Daily CyberSecurity.

TeamPCP continues its string of supply chain attacks, and announces a partnership with Vect ransomware group.

The post Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure appeared first on Unit 42.

Overview In December 2025, a serious security vulnerability named Reach2Shell was disclosed, shaking the web development ecosystem. This vulnerability affects applications using React Server Components and the Flight protocol, allowing threat actors to execute arbitrary code on the server with a single HTTP request. It has been given a Common Vulnerability Scoring System (CVSS) score […]

We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.

The post Exploitation of Critical Vulnerability in React Server Components (Updated December 12) appeared first on Unit 42.